mount: make fs-verity optional

Signed-off-by: Sanne Raymaekers <[email protected]>

Author: croissanne

crates/composefs/src/mount.rs

@@ -75,14 +75,21 @@ pub fn erofs_mount(image: OwnedFd) -> Result<OwnedFd> {
     )?)
 }
 
-pub fn composefs_fsmount(image: OwnedFd, name: &str, basedir: impl AsFd) -> Result<OwnedFd> {
+pub fn composefs_fsmount(
+    image: OwnedFd,
+    name: &str,
+    basedir: impl AsFd,
+    enable_verity: bool,
+) -> Result<OwnedFd> {
     let erofs_mnt = prepare_mount(erofs_mount(image)?)?;
 
     let overlayfs = FsHandle::open("overlay")?;
     fsconfig_set_string(overlayfs.as_fd(), "source", format!("composefs:{name}"))?;
     fsconfig_set_string(overlayfs.as_fd(), "metacopy", "on")?;
     fsconfig_set_string(overlayfs.as_fd(), "redirect_dir", "on")?;
-    fsconfig_set_string(overlayfs.as_fd(), "verity", "require")?;
+    if enable_verity {
+        fsconfig_set_string(overlayfs.as_fd(), "verity", "require")?;
+    }
     overlayfs_set_lower_and_data_fds(&overlayfs, &erofs_mnt, Some(&basedir))?;
     fsconfig_create(overlayfs.as_fd())?;
 

crates/composefs/src/repository.rs

@@ -396,7 +396,7 @@ impl<ObjectID: FsVerityHashValue> Repository<ObjectID> {
 
     pub fn mount(&self, name: &str) -> Result<OwnedFd> {
         let image = self.open_image(name)?;
-        Ok(composefs_fsmount(image, name, self.objects_dir()?)?)
+        Ok(composefs_fsmount(image, name, self.objects_dir()?, true)?)
     }
 
     pub fn mount_at(&self, name: &str, mountpoint: impl AsRef<Path>) -> Result<()> {